A Flaw In Slack, The Group Messaging App That's Going Viral In Silicon Valley, Exposes The Names Of Chat Rooms To Anybody

Blogger Tanay Sai on Wednesday discovered a major issue with Slack, the "viral" team communication platform that's taken Silicon Valley by storm, raising $60 million in funding in the process.

When using the Slack client for Mac, Sai discovered that you can visit Slack.com, enter a fake email address with any real company domain (like Apple.com, Google.com, etc.), and you can see all of the internal Slack teams associated with that company.

You can't enter the Slack rooms, but you can see the names of the rooms. As Sam Biddle at Valleywag points out:

Sure, you can't actually join the teams, or see what channels exist within them, or read a single letter that's been exchanged. But I now know there's a Slack team at Google called "Tribe Wearables"-does that mean they acquired this company? Even if this isn't sensitive information, it's still information-and that's not what people are paying Slack to do.

In some cases, performing this maneuver lets you see what these companies are working on. Check it out:

Here's Apple:

And Microsoft:

And The New York Times:

And The Wall Street Journal:

And Twitter:

And Amazon:

And Uber:

And Lyft:

And last but certainly not least, Slack:

You can try this with basically any company you can think of - Slack is particularly hot among Silicon Valley startups.

We've reached out to Slack for comment, and the company said it would get back to us shortly.